
<!DOCTYPE HTML>
<html lang="zh-hans" >
    <head>
        <meta charset="UTF-8">
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <title>OpenSSL、PKI搭建 · AGou's StudyNote</title>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="description" content="">
        <meta name="generator" content="GitBook 3.2.3">
        <meta name="author" content="AGou">
        
        
    
    <link rel="stylesheet" href="../gitbook/style.css">

    
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-anchors/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-expandable-chapters-small/expandable-chapters-small.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-anchor-navigation-ex/style/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-prism/prism-tomorrow.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-insert-logo/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-search-pro/search.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-splitter/splitter.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-lightbox/css/lightbox.min.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-donate/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-code/plugin.css">
                
            
                
                <link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
                
            
        

    

    
        
    
        
    
        
    
        
    
        
    
        
    

        
    
    
    
    <meta name="HandheldFriendly" content="true"/>
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
    <link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">

    
    <link rel="next" href="DNS服务器.html" />
    
    
    <link rel="prev" href="shell_awk.html" />
    

    <style>
    @media only screen and (max-width: 640px) {
        .book-header .hidden-mobile {
            display: none;
        }
    }
    </style>
    <script>
        window["gitbook-plugin-github-buttons"] = {"repo":"AGou-ops/myStudyNote","types":["star","watch","fork"],"size":"small"};
    </script>

    </head>
    <body>
        
<div class="book">

    <div class="book-body">
        
            <div class="body-inner">
                
                    





                    <div class="page-wrapper" tabindex="-1" role="main">
                        <div class="page-inner">
                            
<div id="book-search-results">
    <div class="search-noresults">
    
                                <section class="normal markdown-section">
                                
                                <div id="anchor-navigation-ex-navbar"><i class="fa fa-anchor"></i><ul><li><a href="#&#x51E0;&#x79CD;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x4F18;&#x7F3A;&#x70B9;&#x4EE5;&#x53CA;&#x5BF9;&#x5E94;&#x7684;&#x534F;&#x8BAE;">1. &#x51E0;&#x79CD;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x4F18;&#x7F3A;&#x70B9;&#x4EE5;&#x53CA;&#x5BF9;&#x5E94;&#x7684;&#x534F;&#x8BAE;</a></li><ul><li><a href="#1&#x3001;-&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#xFF1A;&#x52A0;&#x5BC6;&#x548C;&#x89E3;&#x5BC6;&#x4F7F;&#x7528;&#x540C;&#x4E00;&#x79D8;&#x94A5;">1.1. 1&#x3001; &#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#xFF1A;&#x52A0;&#x5BC6;&#x548C;&#x89E3;&#x5BC6;&#x4F7F;&#x7528;&#x540C;&#x4E00;&#x79D8;&#x94A5;</a></li><li><a href="#2&#x3001;&#x975E;&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#x516C;&#x94A5;&#x52A0;&#x5BC6;&#x5206;&#x4E3A;&#x516C;&#x94A5;&#x548C;&#x79C1;&#x94A5;">1.2. 2&#x3001;&#x975E;&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;(&#x516C;&#x94A5;&#x52A0;&#x5BC6;):&#x5206;&#x4E3A;&#x516C;&#x94A5;&#x548C;&#x79C1;&#x94A5;</a></li><li><a href="#3&#x3001;&#x5355;&#x5411;&#x52A0;&#x5BC6;&#xFF1A;&#x63D0;&#x53D6;&#x51FA;&#x6570;&#x636E;&#x6307;&#x7EB9;&#x53EA;&#x80FD;&#x52A0;&#x5BC6;&#x4E0D;&#x80FD;&#x89E3;&#x5BC6;">1.3. 3&#x3001;&#x5355;&#x5411;&#x52A0;&#x5BC6;&#xFF1A;&#x63D0;&#x53D6;&#x51FA;&#x6570;&#x636E;&#x6307;&#x7EB9;,&#x53EA;&#x80FD;&#x52A0;&#x5BC6;,&#x4E0D;&#x80FD;&#x89E3;&#x5BC6;</a></li></ul><li><a href="#&#x5BC6;&#x94A5;&#x4EA4;&#x6362;">2. &#x5BC6;&#x94A5;&#x4EA4;&#x6362;</a></li><li><a href="#ssl&#x548C;tls">3. SSL&#x548C;TLS</a></li><li><a href="#pkipublic-key-infrastructure&#x516C;&#x94A5;&#x57FA;&#x7840;&#x8BBE;&#x65BD;">4. PKI(Public Key Infrastructure):&#x516C;&#x94A5;&#x57FA;&#x7840;&#x8BBE;&#x65BD;</a></li></ul></div><a href="#&#x51E0;&#x79CD;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x4F18;&#x7F3A;&#x70B9;&#x4EE5;&#x53CA;&#x5BF9;&#x5E94;&#x7684;&#x534F;&#x8BAE;" id="anchorNavigationExGoTop"><i class="fa fa-arrow-up"></i></a><blockquote>
<p><strong>This is OpenSSL&#x3001;PKI&#x642D;&#x5EFA;&#x3001;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x548C;&#x7C7B;&#x578B; StudyNote.</strong></p>
</blockquote>
<h1 id="&#x51E0;&#x79CD;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x4F18;&#x7F3A;&#x70B9;&#x4EE5;&#x53CA;&#x5BF9;&#x5E94;&#x7684;&#x534F;&#x8BAE;"><a name="&#x51E0;&#x79CD;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x4F18;&#x7F3A;&#x70B9;&#x4EE5;&#x53CA;&#x5BF9;&#x5E94;&#x7684;&#x534F;&#x8BAE;" class="anchor-navigation-ex-anchor" href="#&#x51E0;&#x79CD;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x4F18;&#x7F3A;&#x70B9;&#x4EE5;&#x53CA;&#x5BF9;&#x5E94;&#x7684;&#x534F;&#x8BAE;"><i class="fa fa-link" aria-hidden="true"></i></a>1. &#x51E0;&#x79CD;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x4F18;&#x7F3A;&#x70B9;&#x4EE5;&#x53CA;&#x5BF9;&#x5E94;&#x7684;&#x534F;&#x8BAE;</h1>
<h2 id="1&#x3001;-&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#xFF1A;&#x52A0;&#x5BC6;&#x548C;&#x89E3;&#x5BC6;&#x4F7F;&#x7528;&#x540C;&#x4E00;&#x79D8;&#x94A5;"><a name="1&#x3001;-&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#xFF1A;&#x52A0;&#x5BC6;&#x548C;&#x89E3;&#x5BC6;&#x4F7F;&#x7528;&#x540C;&#x4E00;&#x79D8;&#x94A5;" class="anchor-navigation-ex-anchor" href="#1&#x3001;-&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#xFF1A;&#x52A0;&#x5BC6;&#x548C;&#x89E3;&#x5BC6;&#x4F7F;&#x7528;&#x540C;&#x4E00;&#x79D8;&#x94A5;"><i class="fa fa-link" aria-hidden="true"></i></a>1.1. 1&#x3001; &#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#xFF1A;&#x52A0;&#x5BC6;&#x548C;&#x89E3;&#x5BC6;&#x4F7F;&#x7528;&#x540C;&#x4E00;&#x79D8;&#x94A5;</h2>
<ul>
<li><p>&#x5E38;&#x89C1;&#x7684;&#x7B97;&#x6CD5;&#x6709;&#xFF1A;<code>DES</code>,<code>3DES</code>,<code>AES</code></p>
</li>
<li><p>&#x7279;&#x6027;&#x4EE5;&#x53CA;&#x7F3A;&#x70B9;</p>
<ul>
<li><blockquote>
<p>&#x7279;&#x6027;&#xFF1A;</p>
<p>&#x200B;                &#x52A0;&#x5BC6;&#x89E3;&#x5BC6;&#x4F7F;&#x7528;&#x540C;&#x4E00;&#x79D8;&#x94A5;</p>
<p>&#x200B;                &#x5C06;&#x539F;&#x59CB;&#x6570;&#x636E;&#x5212;&#x5206;&#x6210;&#x591A;&#x4E2A;&#x5757;&#xFF0C;&#x5E76;&#x9010;&#x4E2A;&#x8FDB;&#x884C;&#x52A0;&#x5BC6;</p>
<p>&#x7F3A;&#x70B9;&#xFF1A;</p>
<p>&#x200B;                &#x4EA7;&#x751F;&#x7684;&#x79D8;&#x94A5;&#x8FC7;&#x591A;</p>
<p>&#x200B;                &#x79D8;&#x94A5;&#x5206;&#x53D1;&#x6BD4;&#x8F83;&#x56F0;&#x96BE;</p>
</blockquote>
</li>
</ul>
</li>
<li><p>&#x57FA;&#x672C;&#x7528;&#x9014;&#xFF1A;&#x7528;&#x6765;&#x6570;&#x636E;&#x52A0;&#x5BC6;&#xFF08;&#x4FDD;&#x5BC6;&#x6027;&#xFF09;</p>
</li>
<li><p>&#x8BE6;&#x60C5;&#x53C2;&#x8003;&#xFF1A;<a href="http://www.baidu.com/link?url=9cR8rk4ajXh5Ckpk6xq0xg4pxp8Woz4QanAudazXwL8g742oYrrvBqrn-BfywsBjni6qTOsyDwBMtBPfj_LVAjemhNk87a1Wf389o0KrwNFn6Xv73jMphkCq0jQKuzqQ&amp;wd=&amp;eqid=fab8283f00af7c39000000035d9d31de" target="_blank">&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;_&#x767E;&#x5EA6;&#x767E;&#x79D1;</a></p>
</li>
</ul>
<h2 id="2&#x3001;&#x975E;&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#x516C;&#x94A5;&#x52A0;&#x5BC6;&#x5206;&#x4E3A;&#x516C;&#x94A5;&#x548C;&#x79C1;&#x94A5;"><a name="2&#x3001;&#x975E;&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#x516C;&#x94A5;&#x52A0;&#x5BC6;&#x5206;&#x4E3A;&#x516C;&#x94A5;&#x548C;&#x79C1;&#x94A5;" class="anchor-navigation-ex-anchor" href="#2&#x3001;&#x975E;&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#x516C;&#x94A5;&#x52A0;&#x5BC6;&#x5206;&#x4E3A;&#x516C;&#x94A5;&#x548C;&#x79C1;&#x94A5;"><i class="fa fa-link" aria-hidden="true"></i></a>1.2. 2&#x3001;&#x975E;&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;(&#x516C;&#x94A5;&#x52A0;&#x5BC6;):&#x5206;&#x4E3A;&#x516C;&#x94A5;&#x548C;&#x79C1;&#x94A5;</h2>
<ul>
<li><code>公钥</code>(public key)从私钥中提取产生，可公开给所有人，<code>私钥</code>(secret key)由用户自行产生，需保证其机密性（不可泄露）和完整性</li>
<li>&#x5E38;&#x89C1;&#x7684;&#x7B97;&#x6CD5;&#x6709;&#xFF1A;<code>RSA</code>,<code>DSA</code>,<code>ELGamal</code>,&#x5176;&#x4E2D;<code>DSA</code>&#x4E00;&#x822C;&#x53EA;&#x7528;&#x6765;&#x6570;&#x5B57;&#x7B7E;&#x540D;</li>
<li>&#x57FA;&#x672C;&#x7528;&#x9014;&#xFF1A;<ul>
<li><code>&#x6570;&#x5B57;&#x7B7E;&#x540D;</code>&#xFF1A;&#x8BA9;&#x63A5;&#x6536;&#x65B9;&#x786E;&#x8BA4;&#x53D1;&#x9001;&#x65B9;&#x7684;&#x8EAB;&#x4EFD;</li>
<li><code>&#x5BC6;&#x94A5;&#x4EA4;&#x6362;</code>&#xFF1A;&#x53D1;&#x9001;&#x65B9;&#x7528;&#x5BF9;&#x65B9;&#x7684;&#x516C;&#x94A5;&#x52A0;&#x5BC6;&#x4E00;&#x4E2A;&#x5BF9;&#x79F0;&#x5BC6;&#x94A5;&#xFF0C;&#x5E76;&#x53D1;&#x9001;&#x7ED9;&#x5BF9;&#x65B9;</li>
<li><code>&#x6570;&#x636E;&#x52A0;&#x5BC6;</code></li>
</ul>
</li>
<li>&#x8BE6;&#x60C5;&#x53C2;&#x8003;&#xFF1A;<a href="http://www.baidu.com/link?url=E4o847EGZyDdQCMoX4DEhEwzl9zCDdD_bXs1eyTGN6YxC9kxJbuslB1rlUAz3kY4Sg-qjUrADM_tUxHVrrJtF3EAngVOW4wxb4tTX5_Bjv4zLR_2czlN2m4UWrkGTeg7BPU6cn5g16Zw6A44VgnrcIdV3le4-cIhkuvOtqhB-Wa&amp;wd=&amp;eqid=83d3a9f400b72f53000000035d9d3232" target="_blank">&#x975E;&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;_&#x767E;&#x5EA6;&#x767E;&#x79D1;</a></li>
</ul>
<h2 id="3&#x3001;&#x5355;&#x5411;&#x52A0;&#x5BC6;&#xFF1A;&#x63D0;&#x53D6;&#x51FA;&#x6570;&#x636E;&#x6307;&#x7EB9;&#x53EA;&#x80FD;&#x52A0;&#x5BC6;&#x4E0D;&#x80FD;&#x89E3;&#x5BC6;"><a name="3&#x3001;&#x5355;&#x5411;&#x52A0;&#x5BC6;&#xFF1A;&#x63D0;&#x53D6;&#x51FA;&#x6570;&#x636E;&#x6307;&#x7EB9;&#x53EA;&#x80FD;&#x52A0;&#x5BC6;&#x4E0D;&#x80FD;&#x89E3;&#x5BC6;" class="anchor-navigation-ex-anchor" href="#3&#x3001;&#x5355;&#x5411;&#x52A0;&#x5BC6;&#xFF1A;&#x63D0;&#x53D6;&#x51FA;&#x6570;&#x636E;&#x6307;&#x7EB9;&#x53EA;&#x80FD;&#x52A0;&#x5BC6;&#x4E0D;&#x80FD;&#x89E3;&#x5BC6;"><i class="fa fa-link" aria-hidden="true"></i></a>1.3. 3&#x3001;&#x5355;&#x5411;&#x52A0;&#x5BC6;&#xFF1A;&#x63D0;&#x53D6;&#x51FA;&#x6570;&#x636E;&#x6307;&#x7EB9;,&#x53EA;&#x80FD;&#x52A0;&#x5BC6;,&#x4E0D;&#x80FD;&#x89E3;&#x5BC6;</h2>
<ul>
<li>常用算法有<code>md5</code>(Message Digest5),<code>sha1/224/256/384/512</code>(Secure Hash Algorithm)；其中<code>md5</code>和<code>sha1</code>已可被构造出碰撞，不应再用于数字签名、证书等安全用途，建议使用<code>sha256</code>及以上</li>
<li>&#x7279;&#x6027;&#xFF1A;&#x5B9A;&#x957F;&#x8F93;&#x51FA;&#xFF0C;&#x96EA;&#x5D29;&#x6548;&#x5E94;<ul>
<li><code>&#x96EA;&#x5D29;&#x6548;&#x5E94;</code>&#xFF1A;&#x96EA;&#x5D29;&#x6548;&#x5E94;&#x5C31;&#x662F;&#x4E00;&#x79CD;&#x4E0D;&#x7A33;&#x5B9A;&#x7684;&#x5E73;&#x8861;&#x72B6;&#x6001;&#x4E5F;&#x662F;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;&#x7684;&#x4E00;&#x79CD;&#x7279;&#x5F81;&#xFF0C;&#x5B83;&#x6307;&#x660E;&#x6587;&#x6216;&#x5BC6;&#x94A5;&#x7684;&#x5C11;&#x91CF;&#x53D8;&#x5316;&#x4F1A;&#x5F15;&#x8D77;&#x5BC6;&#x6587;&#x7684;&#x5F88;&#x5927;&#x53D8;&#x5316;</li>
</ul>
</li>
<li>基本用途：保证数据的完整性（单独的摘要只能发现意外损坏；要防止数据被人为篡改，需配合数字签名或HMAC使用）</li>
</ul>
<h1 id="&#x5BC6;&#x94A5;&#x4EA4;&#x6362;"><a name="&#x5BC6;&#x94A5;&#x4EA4;&#x6362;" class="anchor-navigation-ex-anchor" href="#&#x5BC6;&#x94A5;&#x4EA4;&#x6362;"><i class="fa fa-link" aria-hidden="true"></i></a>2. &#x5BC6;&#x94A5;&#x4EA4;&#x6362;</h1>
<ul>
<li>IKE&#xFF1A;Internet Key Exchange</li>
<li>&#x5E38;&#x7528;&#x7B97;&#x6CD5;&#xFF1A;<code>RSA</code>,<code>DH</code></li>
<li><p>DH(Diffie-Hellman)&#x7B97;&#x6CD5;&#xFF1A;<a href="https://baike.baidu.com/item/Diffie-Hellman/9827194?fr=aladdin#3" target="_blank">&#x7B97;&#x6CD5;&#x63CF;&#x8FF0;</a>&#xFF0C;&#x76EE;&#x7684;&#x5728;&#x4E8E;&#x4F7F;&#x5F97;&#x4E24;&#x4E2A;&#x7528;&#x6237;&#x5B89;&#x5168;&#x5730;&#x4EA4;&#x6362;&#x4E00;&#x4E2A;&#x79D8;&#x5BC6;&#x5BC6;&#x94A5;&#x4EE5;&#x4FBF;&#x7528;&#x4E8E;&#x4EE5;&#x540E;&#x7684;&#x62A5;&#x6587;&#x52A0;&#x5BC6;&#xFF0C;&#x53D8;&#x79CD;<code>ECDH</code>(&#x692D;&#x5706;&#x66F2;&#x7EBF;DH)&#xFF0C;<code>ECDHE</code>(&#x4E34;&#x65F6;&#x692D;&#x5706;&#x66F2;&#x7EBF;DH)</p>
</li>
<li><p><a href="https://zh.wikipedia.org/wiki/X.509#证书组成结构" target="_blank">https://zh.wikipedia.org/wiki/X.509#证书组成结构</a></p>
</li>
</ul>
<h1 id="ssl&#x548C;tls"><a name="ssl&#x548C;tls" class="anchor-navigation-ex-anchor" href="#ssl&#x548C;tls"><i class="fa fa-link" aria-hidden="true"></i></a>3. SSL&#x548C;TLS</h1>
<ul>
<li><p><code>SSL</code>&#xFF1A;Secure Socket Layer  &#x5B89;&#x5168;&#x5957;&#x63A5;&#x5B57;&#x5C42;&#xFF0C;&#x53D1;&#x884C;&#x7248;&#x672C;v1.0 v2.0 v3.0</p>
</li>
<li><p><code>TLS</code>：Transport Layer Security  传输安全层，版本v1.0 v1.1 v1.2 v1.3；SSL各版本以及TLS v1.0、v1.1均已被废弃，实际部署应只启用TLS v1.2和v1.3</p>
</li>
<li><p><a href="../home/suofeiya/myGitbook/images/IMG_20191009_200222.jpg" data-lightbox="48fb1220-3d79-4493-9951-f36459661b91" data-title="SSL会话主要步骤"><img src="../home/suofeiya/myGitbook/images/IMG_20191009_200222.jpg" alt="SSL会话主要步骤"></a></p>
</li>
<li><p>&#x53C2;&#x8003;&#x8D44;&#x6599;&#xFF1A;<a href="https://zh.wikipedia.org/wiki/&#x50B3;&#x8F38;&#x5C64;&#x5B89;&#x5168;&#x6027;&#x5354;&#x5B9A;" target="_blank">wiki&#x767E;&#x79D1;_&#x4F20;&#x8F93;&#x5C42;&#x5B89;&#x5168;&#x6027;&#x534F;&#x8BAE;</a></p>
</li>
<li><p>OpenSSL&#x547D;&#x4EE4;&#x884C;&#x5DE5;&#x5177;&#x7684;&#x4F7F;&#x7528;&#xFF1A;</p>
<ul>
<li><blockquote>
<p>&#xFF08;1&#xFF09;&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;</p>
<p>&#x200B;                &#x6240;&#x7528;&#x5DE5;&#x5177;&#xFF1A;<code>openssl enc</code>,<code>gpg</code></p>
<p>&#x200B;                &#x652F;&#x6301;&#x7684;&#x7B97;&#x6CD5;&#x6709;&#xFF1A;<code>3DES</code>,<code>AES</code>,<code>blowfish</code></p>
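<pre class="language-"><code class="lang-bash"><span class="token comment"># A cipher must be named explicitly: with none given, "openssl enc -a" only base64-encodes the file and encrypts nothing.</span>
<span class="token comment"># -e encrypts, -a base64-encodes the output, -salt salts the key derivation, -pbkdf2 derives the key from the passphrase with PBKDF2 (OpenSSL 1.1.1 or later).</span>
openssl enc -e -aes-256-cbc -pbkdf2 -a -salt -in TESTFILE -out TESTFILE.cipher
<span class="token comment"># -d decrypts; the cipher and key-derivation options must match the ones used to encrypt.</span>
openssl enc -d -aes-256-cbc -pbkdf2 -a -salt -in TESTFILE.cipher -out OUT_TESTFILE
</code></pre>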
<p>&#xFF08;2&#xFF09;&#x5355;&#x5411;&#x52A0;&#x5BC6;</p>
<p>&#x200B;                &#x6240;&#x7528;&#x5DE5;&#x5177;&#xFF1A;<code>openssl dgst</code></p>
<pre class="language-"><code class="lang-bash"><span class="token comment"># Print the message digest of the file. NOTE(review): no algorithm is named, so the result depends on the installed OpenSSL's default; naming one (for example -sha256) keeps the output reproducible.</span>
openssl dgst /<span class="token environment constant">PATH</span>/TO/SOMEFILE
</code></pre>
<p>&#xFF08;3&#xFF09;&#x968F;&#x673A;&#x751F;&#x6210;&#x7528;&#x6237;&#x5BC6;&#x7801;</p>
<p>&#x200B;                &#x6240;&#x7528;&#x5DE5;&#x5177;&#xFF1A;<code>openssl passwd</code></p>
<pre class="language-"><code class="lang-bash"><span class="token comment"># Interactive password tool: it prints the hash of the password you enter; it does not invent a password.</span>
openssl <span class="token function">passwd</span> -1 -salt SALT            <span class="token comment"># -1 selects the MD5-based scheme, -salt supplies the salt string. NOTE(review): MD5-crypt is weak; OpenSSL 1.1.1+ also offers -5 (SHA-256) and -6 (SHA-512).</span>
</code></pre>
<p>&#xFF08;4&#xFF09;&#x751F;&#x6210;&#x968F;&#x673A;&#x6570;</p>
<p>&#x200B;             &#x6240;&#x7528;&#x5DE5;&#x5177;&#xFF1A;<code>openssl rand</code></p>
<pre class="language-"><code class="lang-bash"><span class="token comment"># NUMBER is the count of random bytes to produce; -hex prints them as hexadecimal, -base64 as base64 text.</span>
openssl rand -hex NUMBER
openssl rand -base64 NUMBER
</code></pre>
<p>&#xFF08;5&#xFF09;<strong>&#x516C;&#x94A5;&#x52A0;&#x5BC6;</strong></p>
<pre class="language-"><code class="lang-bash"><span class="token comment"># Generate the private key. The subshell's umask 077 creates the key file readable by its owner only. NOTE(review): choose NUM_BITS of at least 2048.</span>
<span class="token punctuation">(</span>umask 077<span class="token punctuation">;</span> openssl genrsa -out /<span class="token environment constant">PATH</span>/TO/PRIVATE_KEY_FILE NUM_BITS<span class="token punctuation">)</span>
<span class="token comment"># Extract the public key from the private key; with no -out option it is written to standard output.</span>
openssl rsa -in /<span class="token environment constant">PATH</span>/TO/PRIVATE_KEY_FILE -pubout
</code></pre>
<hr>
<blockquote>
<p>Linux&#x7CFB;&#x7EDF;&#x4E0A;&#x7684;&#x968F;&#x673A;&#x6570;&#x751F;&#x6210;&#x5668;&#xFF1A;</p>
<p>&#x200B;            <code>/dev/random</code>&#xFF1A;&#x4EC5;&#x4ECE;&#x71B5;&#x6C60;&#x4E2D;&#x8FD4;&#x56DE;&#x968F;&#x673A;&#x6570;&#xFF0C;&#x5F53;&#x968F;&#x673A;&#x6570;&#x7528;&#x5C3D;&#x65F6;&#x963B;&#x585E;</p>
<p>&#x200B;            <code>/dev/urandom</code>&#xFF1A;&#x4ECE;&#x71B5;&#x6C60;&#x4E2D;&#x8FD4;&#x56DE;&#x968F;&#x673A;&#x6570;&#xFF0C;&#x5F53;&#x968F;&#x673A;&#x6570;&#x7528;&#x5C3D;&#x65F6;&#x4F1A;&#x5229;&#x7528;&#x8F6F;&#x4EF6;&#x751F;&#x6210;&#x4F2A;&#x968F;&#x673A;&#x6570;&#xFF0C;&#x975E;&#x963B;&#x585E;</p>
<p>伪随机数并不安全，不推荐使用（这一结论适用于普通的软件伪随机数生成器；<code>/dev/urandom</code>由内核的密码学安全伪随机数生成器(CSPRNG)提供，在熵池完成初始化之后可以用于生成密钥）</p>
<p>&#x71B5;&#x6C60;&#x4E2D;&#x968F;&#x673A;&#x6570;&#x7684;&#x6765;&#x6E90;&#xFF1A;</p>
<p>&#x200B;            &#x786C;&#x76D8;IO&#x4E2D;&#x65AD;&#x7684;&#x65F6;&#x95F4;&#x95F4;&#x9694;</p>
<p>&#x200B;            &#x952E;&#x76D8;IO&#x4E2D;&#x65AD;&#x7684;&#x65F6;&#x95F4;&#x95F4;&#x9694;    </p>
</blockquote>
</blockquote>
</li>
</ul>
</li>
</ul>
<h1 id="pkipublic-key-infrastructure&#x516C;&#x94A5;&#x57FA;&#x7840;&#x8BBE;&#x65BD;"><a name="pkipublic-key-infrastructure&#x516C;&#x94A5;&#x57FA;&#x7840;&#x8BBE;&#x65BD;" class="anchor-navigation-ex-anchor" href="#pkipublic-key-infrastructure&#x516C;&#x94A5;&#x57FA;&#x7840;&#x8BBE;&#x65BD;"><i class="fa fa-link" aria-hidden="true"></i></a>4. PKI(Public Key Infrastructure):&#x516C;&#x94A5;&#x57FA;&#x7840;&#x8BBE;&#x65BD;</h1>
<ul>
<li><p>&#x516C;&#x94A5;&#x57FA;&#x7840;&#x8BBE;&#x65BD;&#x6709;&#xFF1A;</p>
<ul>
<li><blockquote>
<p>&#x7B7E;&#x8BC1;&#x673A;&#x6784;&#xFF1A;CA</p>
<p>&#x6CE8;&#x518C;&#x673A;&#x6784;&#xFF1A;RA</p>
<p>&#x8BC1;&#x4E66;&#x540A;&#x9500;&#x5217;&#x8868;&#xFF1A;CRL</p>
<p>&#x8BC1;&#x4E66;&#x5B58;&#x53D6;&#x5E93;</p>
<p>&#x53C2;&#x8003;&#xFF1A;<a href="https://baike.baidu.com/item/&#x516C;&#x94A5;&#x57FA;&#x7840;&#x8BBE;&#x65BD;/10881894?fromtitle=PKI&amp;fromid=212376#2" target="_blank">https://baike.baidu.com/item/%E5%85%AC%E9%92%A5%E5%9F%BA%E7%A1%80%E8%AE%BE%E6%96%BD/10881894?fromtitle=PKI&amp;fromid=212376#2</a></p>
</blockquote>
</li>
</ul>
</li>
<li><p>X.509&#xFF1A;&#x516C;&#x94A5;&#x8BC1;&#x4E66;&#x7684;&#x683C;&#x5F0F;&#x6807;&#x51C6;<a href="https://zh.wikipedia.org/wiki/X.509#%E8%AF%81%E4%B9%A6%E7%BB%84%E6%88%90%E7%BB%93%E6%9E%84" target="_blank">https://zh.wikipedia.org/wiki/X.509#%E8%AF%81%E4%B9%A6%E7%BB%84%E6%88%90%E7%BB%93%E6%9E%84</a></p>
</li>
<li><p>&#x5EFA;&#x7ACB;&#x79C1;&#x6709;CA</p>
<ul>
<li><blockquote>
<p>&#x53EF;&#x4EE5;&#x4F7F;&#x7528;<a href="https://www.openssl.org/" target="_blank"><code>openssl</code></a>&#x548C;<a href="https://www.openca.org/" target="_blank"><code>openca</code></a>&#x547D;&#x4EE4;</p>
<p><code>openssl</code>&#x7684;&#x4E09;&#x4E2A;&#x7EC4;&#x4EF6;&#xFF1A;</p>
<p>openssl: 多用途的命令行工具，包openssl</p>
<p>libcrypto: 加密算法库，包openssl-libs</p>
<p>libssl：加密模块应用库，实现了ssl及tls，包nss</p>
<p>openssl&#x547D;&#x4EE4;&#xFF1A;</p>
<p>&#x200B;            &#x914D;&#x7F6E;&#x6587;&#x4EF6;&#xFF1A;<code>/etc/pki/openssl.cnf</code></p>
<p>&#xFF08;1&#xFF09;&#x751F;&#x6210;&#x79C1;&#x94A5;</p>
<pre class="language-"><code class="lang-bash"><span class="token comment"># Create the CA's 4096-bit RSA key; umask 077 keeps the file owner-only. NOTE(review): the key is written unencrypted; a cipher option such as -aes256 would protect it with a passphrase.</span>
<span class="token punctuation">(</span>umask 077<span class="token punctuation">;</span> openssl genrsa -out /etc/pki/CA/private/cakey.pem <span class="token number">4096</span><span class="token punctuation">)</span>
</code></pre>
<p>&#xFF08;2&#xFF09;&#x751F;&#x6210;&#x81EA;&#x7B7E;&#x8BC1;&#x4E66;</p>
<pre class="language-"><code class="lang-bash"><span class="token comment"># -x509 makes req emit a self-signed certificate instead of a signing request; -days 3650 sets its validity period.</span>
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days <span class="token number">3650</span>

<span class="token comment"># Inspect the generated self-signed certificate (-noout suppresses the PEM body, -text prints the decoded fields).</span>
openssl x509 -in /etc/pki/CA/cacert.pem -noout  -text
</code></pre>
<p>&#xFF08;3&#xFF09;&#x4E3A;CA&#x63D0;&#x4F9B;&#x6240;&#x9700;&#x6587;&#x4EF6;</p>
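<pre class="language-"><code class="lang-bash"><span class="token comment"># Create the two files the CA works with: index.txt (record of issued certificates) and serial (next serial number).</span>
<span class="token function">touch</span> /etc/pki/CA/<span class="token punctuation">{</span>serial,index.txt<span class="token punctuation">}</span>
<span class="token comment"># Seed the serial file created above; writing to "serials" instead would leave "serial" empty.</span>
<span class="token builtin class-name">echo</span> 01 <span class="token operator">&gt;</span> /etc/pki/CA/serial
</code></pre>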
<hr>
<p>&#xFF08;&#x7528;&#x6237;&#x7AEF;&#xFF09;</p>
<p>1&#xFF09;&#x751F;&#x6210;&#x79C1;&#x94A5;</p>
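<pre class="language-"><code class="lang-bash"><span class="token comment"># Generate the client's RSA key with owner-only permissions. 1024-bit RSA no longer offers an adequate security margin; 2048 bits is the usual minimum.</span>
<span class="token punctuation">(</span>umask 077<span class="token punctuation">;</span>openssl genrsa -out app.key <span class="token number">2048</span><span class="token punctuation">)</span>
</code></pre>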
<p>2&#xFF09;&#x751F;&#x6210;&#x8BC1;&#x4E66;&#x7533;&#x8BF7;&#x6587;&#x4EF6;</p>
<pre class="language-"><code class="lang-bash">openssl  req  -new -key app.key  -out app.csr
</code></pre>
<p>3）将生成的csr证书文件发送给CA服务器</p>
<hr>
<p>&#xFF08;4&#xFF09;CA&#x670D;&#x52A1;&#x5668;&#x9881;&#x53D1;&#x8BC1;&#x4E66;</p>
<pre class="language-"><code class="lang-bash"><span class="token comment"># Sign the request with the CA; -days 100 sets the validity period. The CA key, certificate and database locations are taken from the openssl configuration file. NOTE(review): check the subject in the CSR before signing.</span>
openssl ca -in app.csr -out /etc/pki/CA/certs/app.crt -days <span class="token number">100</span>

<span class="token comment"># Show the issued certificate's serial number and subject.</span>
openssl x509 -in /etc/pki/CA/certs/app.crt -noout -serial -subject
</code></pre>
<p>&#xFF08;5&#xFF09;&#x5C06;&#x751F;&#x6210;&#x7684;crt&#x8BC1;&#x4E66;&#x53D1;&#x56DE;&#x5BA2;&#x6237;&#x7AEF;&#x5373;&#x53EF;</p>
<hr>
<ul>
<li>&#x540A;&#x9500;&#x8BC1;&#x4E66;&#x53C2;&#x8003;&#xFF1A;<a href="https://www.cnblogs.com/along21/p/7595912.html#auto_id_5" target="_blank">https://www.cnblogs.com/along21/p/7595912.html#auto_id_5</a></li>
</ul>
</blockquote>
</li>
</ul>
</li>
</ul>
                                
                                </section>
                            
    </div>
</div>

                        </div>
                    </div>
                
            </div>

            
                
                
            
        
    </div>

</div>

        
        
    

    </body>
</html>

